OWASP Enterprise Security API (ESAPI) provides a security control library that helps programmers integrate security into their applications. It is not a new framework; rather, it provides a common interface and reference implementations that other frameworks can build on.
Security is a complex issue, and the “weakest link” problem is well known. If you need to provide security, you have to consider every relevant threat and its corresponding control. Forget to integrate a single control and you will probably lose.
ESAPI aims to close this gap by providing a more “complete” set of best-practice security controls. Let’s look at an encryption example in Java. Listing 1 shows an AES symmetric encryption example that encrypts the given plain text with a secret key. For readability, some details (imports, exception handling, comments, etc.) are omitted.